Published on March 9th, 2016 | by MaxiSoler


Netsparker Infographic Statistics about 396 Security Scans

Crunching the Numbers After Scanning 396 Open Source Web Applications

Since 2011 Netsparker scanned 396 open source web applications. The scanners identified 269 vulnerabilities and we published 114 advisories about the 0-day ones. 32 of the advisories include details about multiple vulnerabilities. According to the statistics above, around 30% of the open source web applications we scanned had some sort of direct impact vulnerability.

Even though these statistics are based on a small sample of web applications that are being used on the internet, it does give us an indication of how vulnerable to malicious hacker attacks many websites are. Actually, when you think about it, 30% is a very low number. The majority of reports that researchers and web security organizations published throughout the years state that a very high percentage of the web applications tested were vulnerable. Typically these high percentages vary between 60% and 80%.

Top 3 Most Popular Web Application Vulnerability Types

Out of the 269 vulnerabilities the Netsparker web vulnerability scanners identified:

180 were Cross-site Scripting vulnerabilities. These include reflected, stored, DOM Based XSS and XSS via RFI.

55 were SQL Injection vulnerabilities. These also include the Boolean and Blind (Time Based) SQL Injections.

16 were File Inclusion vulnerabilities, including both remote and local file inclusions.

The rest of the vulnerability types are CSRF, Remote Command Execution, Command Injection, Open Redirection, HTTP Header Injection (web server software issue) and Frame injection.

Full Blog Post: here



Tags: , , , ,

About the Author

ToolsWatcher :) @maxisoler

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top ↑